If anyone has any doubts about the scope of the NSA's wiretapping and Internet surveillance network, let me recommend listening to a real professional of the IT industry.
Mr. Caspar Bowden, Microsoft's former Chief Privacy Adviser, has released a presentation given for the European Union Cloud Data Protection Strategy in Brussels.
So did the European governments know about the scope of U.S. foreign surveillance before the NSA leaks? Short answer - Yes.
This presentation was given before the leaks to EU government officials. I added a few of my own explanations for clarification purposes. Read on and prepare for your jaw to drop.
Foreign Intelligence Surveillance Act Amendments Act of 2008 (FISAAA)
ECPA 1986 provision to the public of computer storage or processing services by means of an electronic communications system (Cloud).
Purely political surveillance
Surveillance of ordinary democratic and lawful activities
Completely unlawful under the European Convention on Human Rights (ECHR)
Secure Socket Layer useless
Access reaches inside the SSL through the Foreign Intelligence Surveillance Act §1881a
Cloud Providers (Google, Apple, Yahoo, Akamai) will have to cooperate to build capabilities on the OSI Layer where E-Mails and Files can be intercepted directly, because packet reconstruction on a lower OSI Layer is not efficient enough
EU data at risk completely
Technical defences useless
Consumer-Grade encryption not NSA-proof
Trusted Platform Module 1.2 (TPM) is broken
EU is working on similar data surveillance programs
The European Telecommunications Standards Institute (ETSI) has been developing Lawful Interception as a Cloud Service (LIaaS) since 2012: using the Cloud to surveil the Cloud and rendering all SSL applications useless.
Article 29 of the EU Data Protection Working Group states:
"The need to be transparent where national legislation prevents the group from complying with the BCR - Any legally binding request for disclosure of the personal data by a law enforcement authority shall be communicated to the data Controller unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation."
In plain English: The EU intercepts all data from Internet companies and does not have to tell the intercepted organisations about the surveillance.
Advice to Cloud Users
Avoid US organisations, e.g. those that rely on Safe Harbor compliance
Avoid organisations that exclude lawful foreign requests from the organisation's data protection model
Prefer exclusive jurisdiction organisations
Prefer Open-Source stacks, with a verifiable trail of code
European Union personal data is naked and unprotected to the NSA and the U.S. Foreign Intelligence Surveillance Act Amendments Act of 2008
No defenses today nor planned
EU Commission and MEPs did not know about the Surveillance Act 1881a until 2012
Free/Libre Open Source Software has crucial security advantages for Cloud
Safe-Harbour is an Oxymoron (the Opposite of its title), where all 7 principles on which the deal is based are void
Caspar Bowden, Former Chief Privacy Adviser to Microsoft 2002-2011, Director of Foundation for Information Policy Research 1998-2002. http://www.surveillancehumanrights.org/uploads/EUClouddataprotectionstrategyBrussels-CasparBowden-28.5.2013.pdf
Article 29, EU Data Protection Working Group, 2012: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp195_en.pdf
ETSI developing LIaaS, 2012: http://moechel.com/doqs/20120625,3GPPSA3LIDTR101567cloudinterceptionv01_0.pdf